Security

Enforcing Secure Object Initialization in Java

Date Added: Jul 2010
Format: PDF

Sun and the CERT recommend for secure Java development to not allow partially initialized objects to be accessed. The CERT considers the severity of the risks taken by not following this recommendation as high. The solution currently used to enforce object initialization is to implement a coding pattern proposed by Sun, which is not formally checked. The authors propose a modular type system to formally specify the initialization policy of libraries or programs and a type checker to statically check at load time that all loaded classes respect the policy. This allows proving the absence of bugs which have allowed some famous privilege escalations in Java.